From: Szymon ƚwierkosz Date: Sat, 14 Apr 2012 21:43:49 +0000 (+0200) Subject: (bug 32434) API allows reblocking the user without reblock parameter. X-Git-Tag: 1.31.0-rc.0~21242 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/%7B%7B%20url_for%28%27admin_users%27%29%20%7D%7D?a=commitdiff_plain;h=44d988fb72215db57f437c33aaeb37a0937f9796;p=lhc%2Fweb%2Fwiklou.git (bug 32434) API allows reblocking the user without reblock parameter. This change adds special case in processing of the block form. An unused parameter 'AlreadyBlocked' was replaced by 'Reblock'. Parameter 'PreviousTarget' was added so API user can block him/herself. Change-Id: I29275eb4b5f425b7382ba8b7dec050209878f81b --- diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php index c879b35d8b..813e4d4bec 100644 --- a/includes/api/ApiBlock.php +++ b/includes/api/ApiBlock.php @@ -70,6 +70,7 @@ class ApiBlock extends ApiBase { } $data = array( + 'PreviousTarget' => $params['user'], 'Target' => $params['user'], 'Reason' => array( $params['reason'], @@ -83,7 +84,7 @@ class ApiBlock extends ApiBase { 'DisableEmail' => $params['noemail'], 'HideUser' => $params['hidename'], 'DisableUTEdit' => !$params['allowusertalk'], - 'AlreadyBlocked' => $params['reblock'], + 'Reblock' => $params['reblock'], 'Watch' => $params['watchuser'], 'Confirm' => true, ); diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php index aae1b3497a..ec026e87ab 100644 --- a/includes/specials/SpecialBlock.php +++ b/includes/specials/SpecialBlock.php @@ -693,10 +693,16 @@ class SpecialBlock extends FormSpecialPage { # Try to insert block. Is there a conflicting block? $status = $block->insert(); if ( !$status ) { + # Indicates whether the user is confirming the block and is aware of + # the conflict (did not change the block target in the meantime) + $blockNotConfirmed = !$data['Confirm'] || ( array_key_exists( 'PreviousTarget', $data ) + && $data['PreviousTarget'] !== $target ); + + # Special case for API - bug 32434 + $reblockNotAllowed = ( array_key_exists( 'Reblock', $data ) && !$data['Reblock'] ); + # Show form unless the user is already aware of this... - if ( !$data['Confirm'] || ( array_key_exists( 'PreviousTarget', $data ) - && $data['PreviousTarget'] !== $target ) ) - { + if( $blockNotConfirmed || $reblockNotAllowed ) { return array( array( 'ipb_already_blocked', $block->getTarget() ) ); # Otherwise, try to update the block... } else {